While trying to write a reproducer for CVE-2016-2776, I discovered that the 1:9.8.4.dfsg.P1-6+nmu2+deb7u10 version in wheezy would crash, while unpatched jessie and upstream would not: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839051> This might be due to an incomplete fix for CVE-2015-5477. If the entire fix is missing, you can probably reuse the CVE ID. If not, please let us know, and we'll assign a new ID once you have a patch.